If It Doesn't Have Paper Backups and Automatic Audits, It's Not an Election Security Bill

Right now, the U.S. Senate is debating an issue that’s critical to our democratic future: secure elections. Hacking attacks were used to try to undermine the 2016 U.S. election, and in recent years, elections in Latin America and Ukraine were also subject to cyber attacks.

It only makes sense to harden the security of U.S. voting machines, which are perhaps the most direct route to impacting an election’s results. But the current bill that’s advancing in the Senate, the Secure Elections Act, is no solution at all. If it isn’t strengthened dramatically, senators should vote against this deeply flawed bill.

The best solution to stop a possible hack of voting machines is clear: all machines must use a paper trail that’s regularly audited. Many states with voting machines already use paper, but more than a dozen are using at least some machines that provide no paper trail. In five states—New Jersey, Delaware, South Carolina, Georgia, and Louisiana—not a single jurisdiction has a paper trail.

As important as they are, paper trails only work if they’re checked. As we’ve said since the aftermath of the 2016 election, we not only need elections to be auditable, we need them to be audited.

Currently, U.S. elections are usually audited only when they are extremely close or in other unusual situations. There is a cheap and effective way to audit all of our elections, using a system that statisticians call “risk-limiting audits.” By hand-verifying a small number of randomly chosen ballots, election officials can check, with a high degree of certainty, that the election results were recorded properly. Because they don’t involve massive statewide recounts, such audits can and should be performed after each election. Election audits should be like an annual checkup, not like a visit to the emergency room.

The current bill moving ahead in the Senate, S. 2593, falls far short. The bill once included both of these measures, but following amendments, now has neither. It isn’t a mystery how to get this done. A competing bill introduced by Sen. Ron Wyden would mandate both risk-limiting audits and a verifiable paper trail, and has gained three more cosponsors since S. 2593 has been watered down.

Secure and verifiable voting isn’t optional. Tell the Senate to either pass a strong bill or oppose the Secure Elections Act.

Earlier this week, Google dropped a bombshell: in March, the company discovered a “bug” in its Google+ API that allowed third-party apps to access private data from its millions of users. The company confirmed that at least 500,000 people were “potentially affected.” Google’s mishandling of data was bad...

You shouldn’t be convicted by secret evidence in a functional democracy. So when the government uses forensic software to investigate and build its case in a criminal prosecution, it should not hide that technological evidence from the defense. In an amicus brief filed today EFF urged the Ninth Circuit...

If you found yourself logged out of Facebook this morning, you were in good company. Facebook forced more than 90 million Facebook users to log out and back into their accounts Friday morning in response to a massive data breach. According to Facebook’s announcement, it detected...

Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes—or...

The Australian government has ignored the expertise of researchers, developers, major tech companies, and civil liberties organizations by charging forward with a disastrous proposal to undermine trust and security for technology users around the world. On September 10, the Australian government closed the window for receiving feedback about its ...

Congress has never made a law saying, "Corporations should get to decide who gets to publish truthful information about defects in their products,"— and the First Amendment wouldn't allow such a law — but that hasn't stopped corporations from conjuring one out of thin air, and then defending it as...

You may have arrived at this post because you received an email from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation. Don’t panic. Contrary...